ZLAB Announces Ransomware-as-a-Service platforms Report

by do son · Published April 20, 2018 · Updated April 20, 2018

Recently, the security experts of the CSE CybSec ZLab malware lab conducted an interesting analysis of the main Ransomware-as-a-Service platform on the dark network, including RaaSberry, Ranion, EarthRansomware, RedfoxRansomware, Createyourownransomware, DataKeeper, etc..

Over the years, the spread of dark networks has created new illegal business models. In addition to typical illegal products such as drug and payment card data, underground hackers have also emerged from other services such as hacking services and malware development. The new platform allows unscrupulous people without any technical skills to create their own ransomware and spread it.

Ransomware is malicious code that infects a victim’s machine and blocks or encrypts their files. Hackers use it to require a victim to pay a ransom. When ransomware is installed on the victim’s machine, it searches for and locates sensitive files and data, including financial data, databases, and personal files. The purpose of developing ransomware is to make the victim’s machine unusable. There are only two options for the user: one is to pay the ransom without obtaining the guarantee of the original document, and the other is to disconnect the PC from the Internet.

As a result, the rise of the RaaS business model allows malicious actors to launch network extortion without any technical expertise, which is why the new ransomware market is rampant.

Ransomware as a service is a profit model for malware vendors and their customers. Malware vendors using this method can obtain new infection vectors and may be exposed through traditional methods such as email spam or compromised websites. To new victims, they cannot reach. RaaS customers can easily obtain ransomware through the Ransomware-as-a-Service portal, by configuring only a few features and distributing malware to unsuspecting victims.

Of course, RaaS platforms cannot be found on Clearnet, so they are hidden on the Internet Darknet. However, through non-traditional search engines browsing black pages, several websites offering RaaS can be found. On this site, each person provides different functions for ransomware, allowing the user to select the file extensions considered during the encryption phase; the ransom required for the victim and other technical features that the malware will implement.

In addition, in addition to using a ransomware-as-a-service platform, the purchase of customized malware can also be done through criminal forums or websites where hackers can be hired to create personal malware. Historically, this business has always existed, but it is used exclusively for cyber attacks such as espionage, account hacking, and website tampering. Under normal circumstances, only when hackers learn that it can make money, they began to provide this particular service.